We can’t deny that the cloud services offered to us have enhanced our infrastructure. Whilst we are provided with enumerable ways to maximise the resources, particularly for anyone who wishes to venture a new business can scale and reduce their overhead and maintenance costs.

However, as we enjoy the seamless collaboration and business agility, we must also be aware of the security, privacy statements and compliance requirements. Whether we use the cloud for online storage, web hosting or app development, our knowledge (and applying the checklist) to secure our data, will save us from data theft, breaches, and even downtime.

Identification and Authentication – It’s highly recommended to use a formidable authentication method when accessing accounts such as the two-factor authentication from the cloud service. Always remind everyone to use strong passwords for different accounts. Tight security such as using your fingerprint or a digital certificate to prove the person’s right to access any information will also help to secure data. Staff should regularly change their passwords when accessing cloud services and immediately delete users’ accounts after contractual projects are completed.

Cloud Administration – Appoint a competent and technically skilled administrator to oversee the cloud, who understands the basic features. Create policies on accessing accounts when they use it. For the whole department, you may conduct security awareness training to help them establish a good routine in handling data and passwords.

Data Protection – List down the data you want to store in the cloud and assess them regularly especially if these records should be kept there for long-term. You can also make Hong Kong’s Personal Data (Privacy) Ordinance (PDPO) as your reference and avoid sharing data to unintended parties. If you need to give permission to a staff to access your personal data then make sure you regularly check if they still need access. If not, immediately change the user’s accessibility usage.

Service Continuity – Keep a direct and regular communication with your cloud vendor, so you can contact them in case of security issues. You may develop a contingency plan or a business continuity plan as an alternative if by chance your data will be inaccessible. You should always have an exit strategy for termination procedures if you wish to discontinue the cloud services subscription. Most people, who have become cloud dependent, should still always backup your data in the cloud and within their local network.

Terms of Service, Security and Privacy Policy – While it can be daunting to read the overwhelming pages of TOS and privacy policies of service providers, it is important that you know how your data is stored, transferred, and protected. Find out how the cloud vendor responds to incident reports and their SLAs for data protection. There might be some changes in the terms of service and privacy over time, so make sure you are updated with any new information.